Helper function bpf_redirect_peer

v5.10

Definition

Copyright (c) 2015 The Libbpf Authors. All rights reserved.

Redirect the packet to another net device of index ifindex. This helper is somewhat similar to bpf_redirect(), except that the redirection happens to the ifindex' peer device and the netns switch takes place from ingress to ingress without going through the CPU's backlog queue.

The flags argument is reserved and must be 0. The helper is currently only supported for tc BPF program types at the ingress hook and for veth and netkit target device types. The peer device must reside in a different network namespace.

Returns

The helper returns TC_ACT_REDIRECT on success or TC_ACT_SHOT on error.

static long (* const bpf_redirect_peer)(__u32 ifindex, __u64 flags) = (void *) 155;

Usage

Docs could be improved

This part of the docs is incomplete, contributions are very welcome

Note

v6.15 With this patch, bpf_redirect_peer now calls skb_scrub_packet. pkt_type is set to PACKET_HOST by default.

Program types

This helper call can be used in the following program types:

• BPF_PROG_TYPE_SCHED_ACT
• BPF_PROG_TYPE_SCHED_CLS

Example

#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>

SEC("tc/ingress") // redirect_peer works only on ingress direction
int bpf_redirect_peer_example(struct __sk_buff *skb) {
    __u32 if_index = 2; // interface index to redirect to

    // kernel version < 6.15,
    // you must explicitly call bpf_skb_change_type to update the pkt_type.
    return bpf_redirect_peer(if_index, 0);
}

char LICENSE[] SEC("license") = "Dual BSD/GPL";